
Explosion of spam and malicious emails in last several days


28 replies to this topic

#21 David Franklin

David Franklin
  • Members
  • 10 posts

Posted 16 July 2019 - 12:51 PM

@Michael Manning 

 

Yeah, a well-tuned Bayes is essential. I just rebuilt mine in hopes of knocking this particular spam entity back, and it works. Sort of. Until they alter the message. Then you will have a wave hit your users with really low scores that score in the range you are allowing. Example:
 

7/16/2019 11:43   brandon.smith@secrertbenefits.com   The Trip of a Lifetime is Waiting. See Available Cruise Fares.   0.1   sunshine.secrertbenefits.com[93.119.178.13]
7/16/2019 11:43   elaine.kyle@secrertbenefits.com   Save On Last Minute Cruises - Search Here   0.7   sunshine.secrertbenefits.com[93.119.178.13]
7/16/2019 11:43   emma.d@secrertbenefits.com   The Trip of a Lifetime is Waiting. See Available Cruise Fares.   0.1   sunshine.secrertbenefits.com[93.119.178.13]
7/16/2019 11:43   elaine.kyle@secrertbenefits.com   Last-Minute Cruises at Big Savings   0.1   sunshine.secrertbenefits.com[93.119.178.13]

If I tag it spam, eventually my bayes will stop it and/or Barracuda will add custom rules that up the score. Then they change the message enough to avoid my bayes and/or Barracuda custom rules and you get similar messages in the user inbox again. 
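
Added example, not part of the original post: one way to spot the pattern described above (a wave of allowed, low-scoring messages from a single sending host) is to group an exported message log by source IP and flag bursts, which stays stable when the message text changes. The sample rows are constructed, the row layout is assumed to match the excerpt in the post, and the function names and thresholds are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample rows: date time, sender, subject, score, sending host[IP]
SAMPLE_LOG = """\
7/16/2019 11:43 a.one@bulk.example   See Available Cruise Fares. 0.1 mx1.bulk.example[203.0.113.13]
7/16/2019 11:43 b.two@bulk.example   Save On Last Minute Cruises - Search Here 0.7 mx1.bulk.example[203.0.113.13]
7/16/2019 11:44 c.three@bulk.example   Last-Minute Cruises at Big Savings 0.1 mx1.bulk.example[203.0.113.13]
7/16/2019 11:45 billing@vendor.example   Invoice 4471 for July 0.0 mail.vendor.example[198.51.100.7]
7/16/2019 12:30 d.four@bulk.example   See Available Cruise Fares. 6.2 mx1.bulk.example[203.0.113.13]
"""

ROW = re.compile(
    r"^(?P<ts>\d+/\d+/\d{4} \d+:\d+)\s+(?P<sender>\S+@\S+)\s+(?P<subject>.*?)\s+"
    r"(?P<score>-?\d+(?:\.\d+)?)\s+(?P<host>\S+)\[(?P<ip>[\d.]+)\]$"
)

def parse_rows(text):
    """Yield one dict per well-formed row; skip anything that does not match."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            row = m.groupdict()
            row["ts"] = datetime.strptime(row["ts"], "%m/%d/%Y %H:%M")
            row["score"] = float(row["score"])
            yield row

# Thresholds are illustrative assumptions, not Barracuda settings.
def low_score_bursts(text, allow_below=1.0, window_min=5, min_msgs=3):
    """Return {ip: rows} for IPs with min_msgs+ low-score messages in one window."""
    by_ip = defaultdict(list)
    for row in parse_rows(text):
        if row["score"] < allow_below:
            by_ip[row["ip"]].append(row)
    window, bursts = timedelta(minutes=window_min), {}
    for ip, rows in by_ip.items():
        rows.sort(key=lambda r: r["ts"])
        start = 0
        for end in range(len(rows)):
            while rows[end]["ts"] - rows[start]["ts"] > window:
                start += 1  # slide the window forward
            if end - start + 1 >= min_msgs:
                bursts[ip] = rows[start:end + 1]
    return bursts

if __name__ == "__main__":
    for ip, rows in low_score_bursts(SAMPLE_LOG).items():
        print(f"{ip}: {len(rows)} low-score messages in one window")
```

The flagged IPs are candidates for review before adding a block or rate-control entry; a legitimate bulk sender can trip the same thresholds.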
 



#22 Michael Manning

Michael Manning
  • Members
  • 247 posts
  • Location: Ohio, USA

Posted 16 July 2019 - 02:26 PM

I'm going to consider myself lucky then that the spammers aren't hitting me yet. There seems to be a big gulf between what is being delivered and what is being quarantined on our system. Scrolling through the logs it looks like everything being 'allowed' is more or less legitimate email from our customers or vendors with just a smattering of newsletters and such, and all have really low scores. Then there is a big jump in scores and that is either quarantined or blocked.

We're also pretty small, under 60 recipients. I wonder if that makes a difference.



#23 Forrest Mook

Forrest Mook
  • Members
  • 58 posts

Posted 18 July 2019 - 10:56 AM

I've been getting this email junk since late 2018, but over time I've blocked an extensive amount of hosting provider IP address ranges (see previous posts in the thread https://community.ba...-thru-recently/), and that combined with a very low rate control setting blocks the vast majority of this stuff. Just mentioning it as a way to tackle it without the cloud protection layer.



#24 David Franklin

David Franklin
  • Members
  • 10 posts

Posted 22 July 2019 - 11:50 AM

@Mook - blocking subnets/hosting provider ranges has worked well for me after seeing your suggestions in the other thread. Thanks!



#25 David Franklin

David Franklin
  • Members
  • 10 posts

Posted 24 July 2019 - 08:39 AM

 

We are not adding bulk detection to the BESG because it increases the amount of filtering the unit has to do and can result in systems that are pushing their limits to fail.
 

 

@Michelle,

 

Is BULK detection available on the BESG Virtual appliance? If not, what are the chances of this feature being added?



#26 David Franklin

David Franklin
  • Members
  • 10 posts

Posted 01 October 2019 - 11:06 AM

@Michelle,

 

Earlier in the thread you noted "We are not adding bulk detection to the BESG because it increases the amount of filtering the unit has to do and can result in systems that are pushing their limits to fail."

 

Since BESG running virtually on my hardware has resources beyond what is available on the BESG hardware, is/can bulk detection be added to the BESG virtual appliance?

 

 



#27 Administrator

Administrator
  • Members
  • 8 posts

Posted 09 October 2019 - 01:52 PM

???

#28 Administrator

Administrator
  • Members
  • 8 posts

Posted 09 October 2019 - 02:13 PM

???

#29 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 383 posts

Posted 10 October 2019 - 05:03 PM

There is no way to add bulk mail detection to your BESG.

You can emulate it by adding content filters for words in BULK email.

e.g.: unsubscribe


Michelle Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300